index.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398
  1. <?php
  2. // SVMM - Simple VM Manager - For Qemu KVM
  3. // (C) Chris Dorman, 2020
  4. // License: CC-BY-NC-SA version 3.0
  5. // http://github.com/Pentium44/SVMM
  6. session_start();
  7. include "config.php";
  8. include "functions.php";
  9. // check if flatfile database location is populated
  10. if(!file_exists("svmm_db"))
  11. {
  12. mkdir("svmm_db", 0777);
  13. }
  14. if(!file_exists("svmm_db/events"))
  15. {
  16. mkdir("svmm_db/events", 0777);
  17. }
  18. if(!file_exists("svmm_db/disks"))
  19. {
  20. mkdir("svmm_db/disks", 0777);
  21. }
  22. if(!file_exists("svmm_db/pids"))
  23. {
  24. mkdir("svmm_db/pids", 0777);
  25. }
  26. if(!file_exists("svmm_db/users"))
  27. {
  28. mkdir("svmm_db/users", 0777);
  29. }
  30. if(!file_exists("svmm_db/users/usercount"))
  31. {
  32. file_put_contents("svmm_db/users/usercount", "9");
  33. }
  34. $username = $_SESSION['svmm-user'];
  35. ?>
  36. <!DOCTYPE html>
  37. <html lang="en-us">
  38. <head>
  39. <title><?php echo $svmmtitle; ?></title>
  40. <meta http-equiv="content-type" content="text/html; charset=utf-8">
  41. <meta name="viewport" content="width=device-width, initial-scale=.55, shrink-to-fit=yes"><meta name="description" content="<?php echo htmlentities($svmmtitle) . " - " . $desc; ?>">
  42. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
  43. <link rel="stylesheet" type="text/css" href="style.css">
  44. </head>
  45. <body>
  46. <div class="maincontain">
  47. <div id="navcontainer">
  48. <div id="navbar"><!--
  49. <?php if(isset($_SESSION['svmm-user']) && isset($_SESSION['svmm-pass'])) { ?>
  50. --><a href="index.php">Create</a><!--
  51. --><a href="?do=manage">Manage</a><!--
  52. --><a href="?do=about">About</a><!--
  53. --><a href="?do=logout">Logout</a><!--
  54. <?php } else {?>
  55. --><a href="?forms=login">Login</a><!--
  56. --><a href="?forms=register">Register</a><!--
  57. --><a href="?do=about">About</a><!--
  58. <?php } ?>
  59. --></div>
  60. </div>
  61. <div class='title'><img src='freebox-logo.png' /></div>
  62. <div class='contain'>
  63. <?php
  64. if(isset($_GET['forms']))
  65. {
  66. $forms = $_GET['forms'];
  67. $id = $_GET['pid'];
  68. if($forms=="register") {
  69. registerForm();
  70. }
  71. else if($forms=="login") {
  72. loginForm();
  73. }
  74. else { echo "ERROR: Unknown form-name<br>"; }
  75. }
  76. else if(isset($_GET['notify']))
  77. {
  78. $notify = $_GET['notify'];
  79. if($notify=="1") { echo "Error: User not found"; }
  80. else if($notify=="2") { echo "Error: Incorrect password provided"; }
  81. else if($notify=="3") { echo "Error: Please fill out all the text boxes"; }
  82. else if($notify=="4") { echo "Error: The provided passwords did not match"; }
  83. else if($notify=="5") { echo "Error: Special characters cannot be used in your username"; }
  84. else if($notify=="6") { echo "Error: This username is already in use"; }
  85. else { echo "Error: unknown error... this is quite unusual..."; }
  86. }
  87. else if(isset($_GET['do']))
  88. {
  89. $do = $_GET['do'];
  90. // Server admin can just delete ssb_db
  91. /*if($do=="clean")
  92. {
  93. if($_POST['password']!="" && $_POST['password']==$pw)
  94. {
  95. $db_content = glob("ssb_db/" . '*', GLOB_MARK);
  96. foreach($db_content as $file)
  97. {
  98. unlink($file);
  99. }
  100. rmdir("ssb_db");
  101. echo "Database Cleaned<br>";
  102. }
  103. else
  104. {
  105. echo "ERROR: Wrong Password<br>";
  106. }
  107. }*/
  108. // grab session values and send friend request functions.
  109. if($do=="create-medium") {
  110. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  111. include("svmm_db/users/$username.php");
  112. if(!file_exists("svmm_db/disks/$userid.img")) {
  113. if(!copy("svmm_db/disks/alpine.img", "svmm_db/disks/$userid.img"))
  114. {
  115. echo "Error copying new disk image to user location... Please contact the system administrator!";
  116. }
  117. else
  118. {
  119. // Trigger event to start VM!
  120. file_put_contents("svmm_db/events/$userid", "./machine start-medium $userid");
  121. file_put_contents("ssvm_db/users/$userid.type", "medium");
  122. echo "VM created! Refer to the user management panel for start / up info.";
  123. }
  124. } else {
  125. echo "Error: VM exists, please click &quot;Manage&quot; to start / stop your VM or to download a disk backup.";
  126. }
  127. }
  128. }
  129. // For real VMs
  130. if($do=="create-mini") {
  131. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  132. include("svmm_db/users/$username.php");
  133. if(!file_exists("svmm_db/disks/$userid.img")) {
  134. if(!copy("svmm_db/disks/slitaz.img", "svmm_db/disks/$userid.img"))
  135. {
  136. echo "Error copying new disk image to user location... Please contact the system administrator!";
  137. }
  138. else
  139. {
  140. // Trigger event to start VM!
  141. file_put_contents("svmm_db/events/$userid", "./machine start-mini $userid");
  142. file_put_contents("svmm_db/users/$userid.type", "mini");
  143. echo "VM created! Refer to the user management panel for start / up info.";
  144. }
  145. } else {
  146. echo "Error: VM exists, please click &quot;Manage&quot; to start / stop your VM or to download a disk backup.";
  147. }
  148. }
  149. }
  150. if($do=="start") {
  151. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  152. include("svmm_db/users/$username.php");
  153. if(file_exists("svmm_db/disks/$userid.img")) {
  154. if(!file_exists("svmm_db/users/$userid.pid.statuscode")) {
  155. echo "Pending: VM is pending creation, this process shouldn't take longer than 30 seconds...";
  156. } else {
  157. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  158. if($vmstatus == "false") {
  159. $vmtype = file_get_contents("svmm_db/users/$userid.type");
  160. if(!file_exists("svmm_db/users/$userid.type") || $vmtype == "medium") {
  161. file_put_contents("svmm_db/events/$userid", "./machine start-medium $userid");
  162. } else if($vmtype == "mini") {
  163. file_put_contents("svmm_db/events/$userid", "./machine start-mini $userid");
  164. }
  165. header("Location: index.php?do=manage");
  166. } else {
  167. echo "VM already running...";
  168. }
  169. }
  170. } else {
  171. echo "ERROR: VM not found!";
  172. }
  173. }
  174. }
  175. if($do=="stop") {
  176. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  177. include("svmm_db/users/$username.php");
  178. if(file_exists("svmm_db/disks/$userid.img")) {
  179. if(!file_exists("svmm_db/users/$userid.pid.statuscode")) {
  180. echo "Pending: VM is pending creation, this process shouldn't take longer than 30 seconds...";
  181. } else {
  182. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  183. if($vmstatus == "true") {
  184. file_put_contents("svmm_db/events/$userid", "./machine stop $userid");
  185. header("Location: index.php?do=manage");
  186. } else {
  187. echo "VM already stopped...";
  188. }
  189. }
  190. } else {
  191. echo "ERROR: VM not found!";
  192. }
  193. }
  194. }
  195. if($do=="delete") {
  196. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  197. include("svmm_db/users/$username.php");
  198. if(file_exists("svmm_db/disks/$userid.img")) {
  199. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  200. if($vmstatus == "true") {
  201. file_put_contents("svmm_db/events/$userid", "./machine del $userid");
  202. sleep(2);
  203. unlink("svmm_db/users/$userid.pid.status");
  204. unlink("svmm_db/users/$userid.pid.statuscode");
  205. header("Location: index.php");
  206. } else {
  207. unlink("svmm_db/users/$userid.pid.status");
  208. unlink("svmm_db/users/$userid.pid.statuscode");
  209. unlink("svmm_db/pids/$userid.pid");
  210. unlink("svmm_db/disks/$userid.img");
  211. header("Location: index.php");
  212. }
  213. } else {
  214. echo "ERROR: VM not found!";
  215. }
  216. }
  217. }
  218. if($do=="manage") {
  219. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  220. include("svmm_db/users/$username.php");
  221. if(file_exists("svmm_db/disks/$userid.img")) {
  222. if(!file_exists("svmm_db/users/$userid.pid.status")) {
  223. echo "Please wait: VM is being created, this process shouldn't take longer than 30 seconds...";
  224. // Refresh the page every 5 seconds for updates on the VM status.
  225. echo "<meta http-equiv='refresh' content='5' />";
  226. } else {
  227. echo $username . "'s VM<br /> VM status: ";
  228. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.status");
  229. echo $vmstatus;
  230. echo "<br /><a href='index.php?do=start' class='button'>Start</a>&nbsp;<a href='index.php?do=stop' class='button'>Stop</a>&nbsp;<a href='index.php?do=delete' class='button'>Delete</a><br />";
  231. echo "The VM manipulation functions above take time to process, the page will update within 1 minute";
  232. echo "<br /><br />";
  233. echo "<b>Connection information (Via SSH):</b><br />";
  234. echo "<table><tr><td>IP/Port:</td><td> cddo.cf/" . $userid . "22</td></tr>";
  235. echo "<tr><td>Default username:</td><td> user</td></tr>";
  236. echo "<tr><td>Default user password:</td><td> user</td></tr>";
  237. echo "<tr><td style='padding-right: 30px;'>Default root password: </td><td>root</td></tr></table><br />";
  238. echo "<b>Available ports for use:</b>";
  239. echo "<table><tr><td style='padding-right:30px;'>Server side port</td><td>External port (viewable)</td></tr>";
  240. echo "<tr><td>21</td><td>" . $userid . "21</td></tr>";
  241. echo "<tr><td>22</td><td>" . $userid . "22</td></tr>";
  242. echo "<tr><td>80</td><td>" . $userid . "80</td></tr>";
  243. //echo "<tr><td>25565</td><td>" . $userid . "65</td></tr>";
  244. echo "<tr><td>6666</td><td>" . $userid . "66</td></tr>";
  245. echo "<tr><td>6667</td><td>" . $userid . "67</td></tr>";
  246. echo "</table>";
  247. // Refresh the page every 5 seconds for updates on the VM status.
  248. echo "<meta http-equiv='refresh' content='5' />";
  249. }
  250. } else {
  251. echo "ERROR: VM not found!";
  252. }
  253. }
  254. }
  255. if($do=="about")
  256. {
  257. echo "<h2>About</h2>";
  258. echo "<p>" . $desc;
  259. echo "<br />If anyone runs into any issues with the FreeBox services, or wants to request a registration code; please reach out at cddo [at] riseup [dot] net.<br />";
  260. echo "<br />If you enjoy the FreeBox services, please consider donating!";
  261. echo '<form action="https://www.paypal.com/donate" method="post" target="_top">
  262. <input type="hidden" name="cmd" value="_donations" />
  263. <input type="hidden" name="business" value="cdorm245@gmail.com" />
  264. <input type="hidden" name="currency_code" value="USD" />
  265. <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" title="PayPal - The safer, easier way to pay online!" alt="Donate with PayPal button" />
  266. <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" />
  267. </form></p>';
  268. }
  269. if($do=="login")
  270. {
  271. $username = $_POST['username'];
  272. if(file_exists("svmm_db/users/$username.php")) {
  273. include_once("svmm_db/users/$username.php");
  274. if($user_password==sha1(md5($_POST['password']))) {
  275. $pass = $user_password;
  276. $user = $username;
  277. $color = $user_color;
  278. $_SESSION['svmm-user'] = $user;
  279. $_SESSION['svmm-pass'] = $pass;
  280. header("Location: index.php");
  281. } else {
  282. echo "Wrong password!";
  283. }
  284. } else {
  285. echo "User $username not found!";
  286. }
  287. }
  288. if($do=="logout")
  289. {
  290. $_SESSION['svmm-user'] = null;
  291. $_SESSION['svmm-pass'] = null;
  292. header("Location: index.php?forms=login");
  293. }
  294. if($do=="register")
  295. {
  296. if($_POST['username']!="" && $_POST['password']!="" && $_POST['password-again']!="" && $_POST['fullname']!="" && isset($_POST['email']) && $_POST['email']!="") {
  297. if($_POST['password']==$_POST['password-again']) {
  298. if(!preg_match('/[^a-z0-9]/i', $_POST['username'])) {
  299. if(!file_exists("svmm_db/users/" . $_POST['username'] . ".php")) {
  300. $vpscount = file_get_contents("svmm_db/users/usercount");
  301. if($vpscount < $maxvm)
  302. {
  303. if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
  304. if(stripslashes(htmlentities($_POST['codeword'])) == $panelpass) {
  305. $vpscount = $vpscount + 1;
  306. file_put_contents("svmm_db/users/usercount", $vpscount);
  307. file_put_contents("svmm_db/users/" . stripslashes(htmlentities($_POST['username'])) . ".php", "<?php\n\$user_handle = \"" . stripslashes(htmlentities($_POST['username'])) . "\";\n\$user_password = \"" . sha1(md5($_POST['password'])) . "\";\n \$user_email = \"" . stripslashes(htmlentities($_POST['email'])) . "\"; \$user_fullname = \"" . stripslashes(htmlentities($_POST['fullname'])) . "\"; \$userid = \"" . $vpscount . "\";\n?>");
  308. header("Location: index.php");
  309. }
  310. else
  311. {
  312. echo "ERROR: Registration code incorrect, please try again!";
  313. }
  314. }
  315. else
  316. {
  317. echo "ERROR: Email is invalid!";
  318. }
  319. }
  320. else
  321. {
  322. echo "ERROR: VPS cap reached!";
  323. }
  324. } else {
  325. header("Location: index.php?notify=6");
  326. }
  327. } else {
  328. header("Location: index.php?notify=5");
  329. }
  330. } else {
  331. header("Location: index.php?notify=4");
  332. }
  333. } else {
  334. header("Location: index.php?notify=3");
  335. }
  336. }
  337. }
  338. else if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass']))
  339. {
  340. header("Location: index.php?do=about");
  341. }
  342. else
  343. {
  344. include("svmm_db/users/$username.php");
  345. if(!file_exists("svmm_db/disks/$userid.img"))
  346. {
  347. echo "<h3>Free VPS creation</h3>";
  348. echo "<p>Each user will have the ability to create a VM, and will have a consistent uptime unless FreeBox ends up being disabled due to malicious users improperly using the virtual machines.</p>";
  349. echo "<table><tr><td style='vertical-align: top; width: 50%; '>Best VM for IRC bouncers / session idling CLI IRC clients. Great for small websites and some development.<br /><br />";
  350. echo "<ul><li>CPU: 10% of 1x Xeon E5649 core</li><li>RAM: 48MB dedicated</li><li>Disk: 500MB dedicated space</li><li>OS: SliTaz GNU/Linux</li><li>Network: 10mbps down + 5mbps upload</li><li>Select available ports for server operation</li></ul>";
  351. echo "<div style='display:block;width:100%;text-align:center;'><a href='index.php?do=create-mini' class='button'>Create a Micro Box</a></div>";
  352. echo "</td><td style='vertical-align: top; width: 50%;'>Best VM for development / IRC server hosting / FTP server hosting. Awesome for hosting source tarballs, websites, forums, git repo, and more!";
  353. echo "<ul><li>CPU: 25% of 1x Xeon E5649 core</li><li>RAM: 192MB dedicated</li><li>Disk: 10GB dedicated space</li><li>OS: Alpine GNU/Linux</li><li>Network: 10mbps down + 5mbps upload</li><li>Select available ports for server operation</li></ul>";
  354. echo "<div style='display:block;width:100%;text-align:center;'><a href='index.php?do=create-medium' class='button'>Create a Mini Box</a></div>";
  355. echo "</td></tr></table>";
  356. }
  357. else
  358. {
  359. echo "<p>You've been assigned a VPS, click &quot;Manage&quot; for more information on your server.</p>";
  360. }
  361. }
  362. ?>
  363. <br /><br />
  364. <div style="margin: auto; width: 100%; text-align: center; background-color: #555555; padding: 3px;">Powered By <a href="https://notabug.org/Pentium44/SVMM">SVMM</a> <?php echo $version; ?></div>
  365. </div>
  366. </div> <!-- main contain -->
  367. </body>
  368. </html>